President Elector

First Flight #24
Severity: medium
Valid

Incorrect function signature in `TYPEHASH` leads to invalid voting.

Summary

The `TYPEHASH` constant contains the wrong function signature for the `rankCandidates` function, which leads to the wrong voter address being computed. If the computed address is present in the voters array, both the voter and the computed address will lose their voting chance. Otherwise, the call reverts.

Vulnerability Details

The `TYPEHASH` constant holds the function signature `rankCandidates(uint256[])`. But `rankCandidates` actually takes an array of addresses as its argument, not numbers as given in `TYPEHASH`, which leads to the wrong hash being computed and compared. This leads to the wrong address being computed. If the wrongly computed address is in the VOTERS list, an incorrect vote will be recorded, costing voters their chance to give genuine votes.
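
The mismatch described above can be reproduced as a Foundry test. This is an added example, not code from the contest repository: the contract name, the domain separator, the private key and the candidate addresses are constructed, and it assumes the voter's wallet signs an EIP-712 digest built from the type string that matches the real parameter type.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Added example (hypothetical test contract), not the project's own code.
contract TypehashMismatchTest is Test {
    bytes32 constant WRONG_TYPEHASH = keccak256("rankCandidates(uint256[])");
    bytes32 constant RIGHT_TYPEHASH = keccak256("rankCandidates(address[])");
    // Constructed stand-in for the contract's EIP-712 domain separator.
    bytes32 constant DOMAIN = keccak256("constructed-domain");

    // EIP-712 digest; an array member is hashed as keccak256 of its
    // 32-byte-padded elements, which abi.encodePacked produces for address[].
    function digest(bytes32 typehash, address[] memory ranked) internal pure returns (bytes32) {
        bytes32 structHash = keccak256(abi.encode(typehash, keccak256(abi.encodePacked(ranked))));
        return keccak256(abi.encodePacked("\x19\x01", DOMAIN, structHash));
    }

    function test_typehashMismatchRecoversDifferentSigner() public {
        uint256 voterKey = 0xA11CE; // constructed private key
        address voter = vm.addr(voterKey);

        address[] memory ranked = new address[](2);
        ranked[0] = address(0x1001); // constructed candidate addresses
        ranked[1] = address(0x1002);

        // Assumption: the wallet signs over the type string that matches
        // the function's actual parameter type.
        (uint8 v, bytes32 r, bytes32 s) = vm.sign(voterKey, digest(RIGHT_TYPEHASH, ranked));

        // A verifier holding the wrong constant rebuilds a different digest,
        // so ecrecover yields an address unrelated to the voter.
        address recoveredWrong = ecrecover(digest(WRONG_TYPEHASH, ranked), v, r, s);
        // With the corrected constant the voter's own address comes back.
        address recoveredRight = ecrecover(digest(RIGHT_TYPEHASH, ranked), v, r, s);

        assertEq(recoveredRight, voter);
        assertTrue(recoveredWrong != voter);
    }
}
```

Kept as a regression test against the real contract, the same check fails whenever the type string and the parameter type of `rankCandidates` drift apart.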

Impact

There is a risk of including invalid votes, which wastes the voter's opportunity to participate.

Tools Used

Manual review

Recommendations

Correct the `rankCandidates` function signature in the `TYPEHASH` constant.

- bytes32 public constant TYPEHASH = keccak256("rankCandidates(uint256[])")
+ bytes32 public constant TYPEHASH = keccak256("rankCandidates(address[])")
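
Review bot: The `+` line ends without a `;` (as does the `-` line it replaces), so the declaration will not compile if pasted as shown; terminate it as `keccak256("rankCandidates(address[])");`. Because the type string is a hand-written literal that has to track the parameter type of rankCandidates, consider adding a test that signs a ranking and asserts the recovered signer equals the voter, so a future mismatch is caught before deployment.
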
Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Typehash hashes the wrong function input.
